Tips and tricks AWS Solutions Architect Associate #5
VPC

- Security groups are stateful, NACLs are stateless: an SG tracks connections and automatically allows the return traffic of a flow it accepted, and it only has allow rules; a NACL inspects every packet on its own and can allow or deny
- Because a NACL is stateless it needs both inbound and outbound rules for a single connection, including an outbound rule for the ephemeral port range (1024-65535) that replies go back to; rules are evaluated in ascending rule-number order, first match wins, and the final `*` rule denies anything unmatched
- The default SG is not enough on its own: it allows all outbound traffic and inbound traffic only from instances that share the same default SG, so it neither exposes a service nor restricts lateral traffic between members; define dedicated SGs per tier
- A public subnet does not imply a public IP: the subnet is "public" because its route table sends 0.0.0.0/0 to an internet gateway, but an instance in it is only reachable from the internet if it also has a public IPv4 (auto-assigned or an Elastic IP)
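The four points above are easy to get wrong in an exam answer or a real VPC, so here is an added toy model of how the two filters evaluate traffic (illustration written for this page, not AWS code; the packets, rule sets and the `igw-`/`nat-` ids are constructed). It runs one HTTPS request and its reply through a stateful SG and through a NACL with and without the ephemeral outbound rule, shows first-match-wins ordering on a NACL deny, and checks the "public subnet but no public IP" case.

```python
"""Toy evaluator for AWS security groups (stateful) vs network ACLs (stateless).
Added example for illustration; not AWS's implementation. All packets, rules
and resource ids below are constructed for the example."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    cidr: str            # peer address range the rule matches
    port_from: int
    port_to: int
    proto: str = "tcp"   # "-1" means all protocols, as in the AWS API
    action: str = "allow"  # NACLs may also "deny"; SGs are allow-only


def _matches(rule, peer_ip, port, proto):
    return (rule.proto in (proto, "-1")
            and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr)
            and rule.port_from <= port <= rule.port_to)


class NetworkACL:
    """Stateless: every packet in each direction is checked against that
    direction's rules, lowest rule number first, first match wins, and the
    implicit '*' rule at the end denies everything else."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound      # dict: rule number -> Rule
        self.outbound = outbound

    def allows(self, pkt, direction):
        rules = self.inbound if direction == "in" else self.outbound
        peer = pkt.src_ip if direction == "in" else pkt.dst_ip
        for number in sorted(rules):
            if _matches(rules[number], peer, pkt.dst_port, pkt.proto):
                return rules[number].action == "allow"
        return False  # implicit deny


class SecurityGroup:
    """Stateful: a packet accepted by a rule opens a tracked flow, and the
    reply of a tracked flow is allowed whatever the other direction's rules say."""

    def __init__(self, inbound, outbound):
        self.inbound = list(inbound)
        self.outbound = list(outbound)
        self._flows = set()

    def allows(self, pkt, direction):
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if reverse in self._flows:   # return traffic of an accepted flow
            return True
        rules = self.inbound if direction == "in" else self.outbound
        peer = pkt.src_ip if direction == "in" else pkt.dst_ip
        if any(_matches(r, peer, pkt.dst_port, pkt.proto) for r in rules):
            self._flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return True
        return False  # no deny rules in an SG: unmatched traffic is simply dropped


def https_roundtrip(filt):
    """Client 203.0.113.10 connects to instance 10.0.1.5:443 and the instance
    replies to the client's ephemeral port. Returns (request_ok, reply_ok)."""
    request = Packet("203.0.113.10", 51000, "10.0.1.5", 443)
    reply = Packet("10.0.1.5", 443, "203.0.113.10", 51000)
    return filt.allows(request, "in"), filt.allows(reply, "out")


HTTPS_IN = Rule("0.0.0.0/0", 443, 443)
EPHEMERAL_OUT = Rule("0.0.0.0/0", 1024, 65535)   # replies go back to ephemeral ports

# SG: the inbound rule alone is enough, the reply rides on the tracked flow
sg_https = SecurityGroup(inbound=[HTTPS_IN], outbound=[])
# NACL with only an inbound rule: the reply hits the implicit deny
nacl_half = NetworkACL(inbound={100: HTTPS_IN}, outbound={})
# NACL done right: explicit outbound rule for the ephemeral range
nacl_full = NetworkACL(inbound={100: HTTPS_IN}, outbound={100: EPHEMERAL_OUT})
# NACL with a lower-numbered deny: it wins over the allow at 100
nacl_blocked = NetworkACL(
    inbound={50: Rule("203.0.113.0/24", 443, 443, action="deny"), 100: HTTPS_IN},
    outbound={100: EPHEMERAL_OUT})


def reachable_from_internet(route_table, has_public_ip):
    """A subnet is 'public' when 0.0.0.0/0 routes to an internet gateway, but
    an instance in it is only reachable if it also carries a public IPv4."""
    public_subnet = route_table.get("0.0.0.0/0", "").startswith("igw-")
    return public_subnet and has_public_ip


if __name__ == "__main__":
    print("SG            :", https_roundtrip(sg_https))                       # (True, True)
    print("NACL, no out  :", https_roundtrip(nacl_half))                      # (True, False)
    print("NACL, with out:", https_roundtrip(nacl_full))                      # (True, True)
    print("NACL, deny 50 :", https_roundtrip(nacl_blocked))                   # (False, True)
    print("public subnet, no public IP:", reachable_from_internet({"0.0.0.0/0": "igw-0abc"}, False))
```

The `nacl_half` case is the classic failure: the SYN gets in on 443 but every reply is dropped, so the connection hangs instead of being refused, which is the symptom to recognise when "the SG looks fine" but nothing connects. The `SecurityGroup` model also shows why SG rules have no rule numbers: all of them are evaluated and any match allows.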
Bastion Host


